Univention Bugzilla – Bug 54799
Diagnostic: Check if Kerberos accounts are missing
Last modified: 2022-08-01 11:30:29 CEST
In a customer environment, the account krb5PrincipalName=krbtgt/REALM was missing on one backup, because of replication failures. Because of this, no kerberos ticket could be acquired when authenticating against that backup service. All diagnostic checks were successful at that point. 22_kdc_service.py only checks if all kerberos servers are answering (with an error), ticket generation is not tested. We could add a diagnostic check, which checks if all necessary kerberos accounts exist on the server.